Bug#400955: base64 problems authenticating using gssapi
Sam Hartman
hartmans at mit.edu
Thu Nov 30 15:49:46 CET 2006
>>>>> "Fabian" == Fabian Fagerholm <fabbe at paniq.net> writes:
Fabian> On Wed, 2006-11-29 at 15:08 -0500, Sam Hartman wrote:
>> I get a base64 error authenticating to a system that works fine
>> with a previous version of sasl.
>>
>> To reproduce:
Fabian> [...]
>> You get a base64 decoding error. With the old sasl you should
>> get an authentication failure because testprinc is not allowed
>> to read my mail.
Fabian> Thanks for the report!
Fabian> I don't have a Kerberos system to test against right
Fabian> now. Could you try to pinpoint what's going on here? More
Fabian> detailed error messages, straces, anything that might help
Fabian> narrow down where the failure occurs.
I'll be happy to try and debug but my time is incredibly limited right now.
So, that's why I I did give you a principal and password and sufficient
installation instructions to trivially set up a case to reproduce on
any Debian box on the open internet.
I don't mind if people trying to fix this bug attempt to use my
server. I'll delete testprinc at SUCHDAMAGE.ORG after the bug is closed.
Since this is a base64 error, I suspect it's probably in the base sasl
library not in the gssapi module. I really have only dug around in
the guts of Cyrus SASL's GSSAPI module, not the protocol handling etc.
That or memory corruption.
Fabian> Also, what about the case when the authentication should
Fabian> succeed? Does it succeed or do you get some similar,
Fabian> unexpected error?
Sorry. I really did file a crappy bug report. You get the same
base64 error with the new sasl, but you get success authenticating
with the old SASL.
I believe that the old SASL is correct; using implementations like
pine, Apple's mail.app, which are not based on cyrus-sasl also work
against imap.suchdamage.org.
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list